Kent Crispin <kent@bywater.songbird.com> writes:
Given the frequency of "I've forgotten my password" incidents at company help desks, widespread use of cryptography would cause this to become *the* prime cause of lost data.
pgp5.5 doesn't cope with this very well -- it requires all of the stored emails to be decrypted by the holder of the recovery key and re-encrypted to the users new key. Same thing for tape archives, write once CD archives, etc., etc. Password memory lapses are likely to be the major problem. It would suggest that smart cards might be a valuable ergonomics investment. I understand dumb card readers are dirt cheap (~$10 in volume) and can be plugged inline into keyboard cables. Reckon you could swallow the cost in the product price even ($159 or whatever the business edition is).
The physical mail analogy to PGP's implementation of CMR is as follows: Company policy is that it does not accept private pmail for individuals. All mail for individuals must be addressed
XYZ Company attn: Indi Vidual Address1 Address2
Mail addressed like this:
Indi Vidual Address1 Address2
will be returned, because the company doesn't accept private mail. Company mail is to be used for company business. You don't receive Playboy at work, you receive it at home.
Reasonable analogy of what's going on wrt strictly company use addresses, and with companies which may allow private use addresses. Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`